Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Advertisements

RKinner

Posted 12 August 2012 - 09:07 PM

Squeaky clean! If there are no other problems then I think we can clean up now:

We need to cleanup System Restore:

Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.

You can uninstall or delete any tools we had you download and their logs. To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, All Programs, Accessories then right click on Command Prompt and Run As Administrator.then right click, Paste, then hit Enter.

OTL has a cleanup tab if you go there it will remove itself and its logs.

To hide hidden files again (OTL may do it for you):

Vista or Win7

# Open the Control Panel menu and click Folder Options.# After the new window appears select the View tab.# Remove the check in the checkbox labeled Display the contents of system folders.# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.# Check the checkbox labeled Hide protected operating system files.# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker: http://www.filehippo.../updatechecker/(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week. Seems to work best if Firefox is the default browser. You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

RKinner

Posted 12 August 2012 - 09:09 PM

RKinner

Malware Expert

Expert

20,505 posts

In addition to the above:

Stick with Avast for a while and see how you like it. Some people object to the voice notification of updates. To turn it off, click on the Avast ball then on Settings. Then on Sounds and uncheck Automatic Updates OK. (It will still update it just won't tell you about in a loud voice in the middle of the night.)

They have also started using their info popup to try and get you to upgrade so I go into Settings, Popups and change the first two to 1 second.

The registration is good for 12-14 months then you will need to register again. They will, of course, try to talk you into buying the product but you can always register again for another year free.

yugie23

Posted 12 August 2012 - 11:51 PM

yugie23

Member

Topic Starter

Member

13 posts

First commands wouldn't allow me to delete, said was in use by another program. Attempted to install SP1, got same message after reboot. Box comes up stating "Installation was not successful"but directly below that is "The operation completed successfully" if I click on details it states "Error: DS_S_SUCCESS(0x0)". The findstr command returned "FINDSTR: Cannot open cbs.log". I have tried stopping cryptographic services and windows update service, renaming SoftwareDistribution folder. Running the system readiness tool and installing the SP1 standalone to no avail.

RKinner

Posted 13 August 2012 - 01:24 AM

yugie23

Posted 13 August 2012 - 09:09 PM

yugie23

Member

Topic Starter

Member

13 posts

blah, I don't want SP1 that bad. Don't really want to reinstall Windows at the moment. I've thrown everything out there I could find at it and it still gives the update error, just on SP1. All other updates are fine. It no longer has a virus, and I thank you for the help. I'm throwing in the towel on the SP1 problem. May come back to it later.